alert ssh $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE [NCSC] Pygmy Goat SSH Banner"; flow:established,to_client; content:"SSH-2.0-D8pjE|0d 0a|"; fast_pattern; reference:url,www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf; classtype:trojan-activity; sid:2057246; rev:1; metadata:affected_product Sophos_XG, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_11_05, deployment Perimeter, deployment Internal, malware_family Pygmy_Goat, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_11_05; target:src_ip;)